Category: FAIR
-
The Open Group recently highlighted me in the Individual Contributor Spotlight. I’ve been working with the Open Forum in various capacities since 2012 with the introduction of the Open FAIR certification. Met lots of great people and got to give back. Here’s what they wrote: The Security Forum thanks Jack for his foundational role in…
-
NIST webinar, app rationalization for Federal Cloud Smart policy, Risk Mgmt Maturity report, and Davos
-
First off, I’m very pleased to announce that I will be presenting again next year at the RSA Conference. My session is called “Maturing Cyber-Risk Management Practices: Framework and Next Steps” (EZCL-R01). This will be done as a Collaborative Learning Session (a new RSAC format). I’ll lead a discussion then turn it over to the…
·
-
Time for another roundup! Below are some works I’ve recently done on Apex Threat Agents, HITRUST, my time at the Gartner Summit, and some thoughts on Iranian attacks. How to Model Risk in an Apex Predator Cyber-World Enhancing HITRUST Risk Assessments with Cyber Risk Quantification (CRQ) Gartner 2019 Debate: Quantitative vs. Qualitative Cyber Risk Analysis…
-
As a part of my new role with RiskLens, I’ve been publishing several articles. Included here is a recap of my work over the past month: The ZombieLoad speculative execution bug raised the specter of a possible 40% hit in performance. I gave a plan to evaluate this new bug in the context of risk…
·
-
With RSA completed over two weeks ago, and an ensuing sickness, I realized I haven’t posted about my presentation with Joel Amick. I thoroughly enjoying sharing this work with the RSA audience and had some great conversations afterwards. I think agent-based modeling (ABM) has some interesting use cases in cybersecurity and risk management. I think that in…
·
-
I was recently interviewed by the FAIR Institute as a part of their Meet a Member series. I talk a little bit about my origins measuring cyber risk using FAIR. You can listen to the interview here.
·
-
RSA Conference is next week and I’m excited to share that I will be presenting on some work a a colleague and I have done on building an Agent-Based Model (ABM) using FAIR risk data. This should be an interesting discussion, so please join me next Wednesday at 2:50PM Pacific in Moscone West 2011. I…
·
-
“There is a certain uselessness in saying an organization does not want to accept high risk.” My latest @ISACA article was published and as I was re-reading this line it resonated with me even more. You have to have more fidelity in how you define risk appetite for it to be useful. More tips on…
-
I was humbled this week when I was awarded the FAIR Champion award from the FAIR Institute at their annual conference last week at Carnegie Mellon in Pittsburgh, PA. Jack Jones has created this extraordinary thing in FAIR and it is and will continue to do nothing less than revolutionize our industry. That he decided…
·
The Risk Dr ® 